Amazon says some of its users' private email addresses released just hours before Black Friday

Company admits some email addresses released

Posted: 11:48 AM, Nov 21, 2018

Updated:2018-11-21 13:34:58-05

By:
John Matarese

Getty Images

Just as tens of millions of Americans are preparing to start their Black Friday shopping, the nation's largest retailer has admitted that it inadvertently released the names and email addresses of some of its customers — but it's making only a few details public.

Amazon customers across the U.S. and in Europe report receiving a strange email, that appears to be a phishing scam.

An example of the email is listed below.

IMPORTANT INFORMATION ABOUT YOUR AMAZON.COM ACCOUNT

"We're contacting you to let you know that our website inadvertently disclosed your name and email address due to a technical error. The issue has been fixed.

This is not a result of anything you have done, and there is no need for you to change your password or take any other action."

Sincerely, Customer Service

http://Amazon.com

Some tech blogs speculate that the email is a phishing scam, because of the way it is worded. In addition, the email asks users to not change their passwords, and the email signature that includes an "http" iURL instead of an "https" (which means the URL is secure).

But Amazon has confirmed
to the The Register UK
and The London Telegraph
that the email and breach are real. Companies are required under British law to report any data breaches immediately, well before US law requires them to divulge an issue.

However, American customers are also reporting they have received the email.

What you should do

Amazon is not sharing how many customers were affected, if any information beyond email addresses were shared, and whether the company was hacked.

Coming just one day before the start of Black Friday shopping, it is concerning.

Several security experts suggest that user change their password anyway if they have received this cryptic message from Amazon.

Amazon released the following statement early Wednesday afternoon:

“We have fixed the issue and informed customers who may have been impacted.”